Yii Framework Forum: How To Fix Csrf 400 Error While Deleting Records In Standard Crud? - Yii Framework Forum

How To Fix Csrf 400 Error While Deleting Records In Standard Crud?
Gii generated CRUD source gives error 400 on delete

#1 _Stan_

Posted 23 January 2013 - 03:22 PM

I have Gii-generated CRUD source code and views. I need to enable CSRF protection. It is enabled and works OK in all other parts of the project, but brings the following error while I'm trying to delete a record from the standard 'admin' screen: Error 400 The CSRF token could not be verified.

Here is the code I use:

$this->menu=array(
	array('label'=>'List', 'url'=>array('index')),
	array('label'=>'Create', 'url'=>array('create')),
	array('label'=>'Update', 'url'=>array('update', 'id'=>$model->id)),
	array('label'=>'Delete', 'url'=>'#', 'linkOptions'=>array('submit'=>array('delete','id'=>$model->id, 'YII_CSRF_TOKEN' => Yii::app()->request->csrfToken),'confirm'=>'Are you sure you want to delete this item?')),
	array('label'=>'Manage', 'url'=>array('admin')),
);


Please note that the CSRF token is added to the parameters of the "Delete" menu item. According to the browser console, the CSRF token is actually added and passed to the server. It is the same as when I click the 'x' button in the admin grid, which deletes records perfectly. The only difference I see in these two cases is that the 'x' button appends an 'ajax' parameter to the URL.

What is a proper way to pass CSRF token from a menu like this?

Thanks in advance.

#2 Sebastian

Posted 23 January 2013 - 06:35 PM

_Stan_, on 23 January 2013 - 03:22 PM, said:

$this->menu=array(
	array('label'=>'Delete', 'url'=>'#', 'linkOptions'=>array('submit'=>array('delete','id'=>$model->id, 'YII_CSRF_TOKEN' => Yii::app()->request->csrfToken),'confirm'=>'Are you sure you want to delete this item?')),
);



I think it should work like this:
$this->menu=array(
	array('label'=>'Delete', 'url'=>'#', 'linkOptions'=>array('submit'=>array('delete','id'=>$model->id),'confirm'=>'Are you sure you want to delete this item?','csrf'=>true)),
);


#3 _Stan_

Posted 24 January 2013 - 11:47 AM

It works, thanks. I wonder if some documentation exists on this. I can't find anything concrete about linkOptions.
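Why the two menu definitions in this thread behave differently, as an added example that is not part of the original posts and not Yii's own code: a simplified model of the check, assuming (as in Yii 1.1) that a POST request passes only when the token in the cookie matches a POST field of the same name. The function name and the sample requests are hypothetical and constructed for illustration.

```php
<?php
// Simplified model of a cookie-based (double-submit) CSRF check like the one
// behind "Error 400 The CSRF token could not be verified."
// Illustration only, not Yii source; csrfTokenIsValid() is a hypothetical name.

const TOKEN_NAME = 'YII_CSRF_TOKEN'; // parameter name used in the thread

// Returns true when the request may proceed.
function csrfTokenIsValid(string $method, array $cookies, array $post): bool
{
    if (strtoupper($method) !== 'POST') {
        return true; // only POST requests are checked in this model
    }
    if (!isset($cookies[TOKEN_NAME], $post[TOKEN_NAME])
        || !is_string($cookies[TOKEN_NAME]) || !is_string($post[TOKEN_NAME])) {
        return false; // a token carried in the query string is never consulted
    }
    // Constant-time comparison of the cookie token and the POST-body token.
    return hash_equals($cookies[TOKEN_NAME], $post[TOKEN_NAME]);
}

// Constructed sample requests (the token value is made up).
$token   = 'constructed-sample-token';
$cookies = [TOKEN_NAME => $token];

// Each entry: [method, cookies, POST body, query string].
$requests = [
    // Post #1: token merged into the 'submit' route, so it travels in the URL.
    'token in URL (submit array)'       => ['POST', $cookies, [], ['id' => 7, TOKEN_NAME => $token]],
    // Post #2: 'csrf' => true, token sent as a POST field.
    'token in POST body (csrf => true)' => ['POST', $cookies, [TOKEN_NAME => $token], ['id' => 7]],
    // Stale or forged token in the body.
    'wrong token in POST body'          => ['POST', $cookies, [TOKEN_NAME => 'other'], ['id' => 7]],
];

foreach ($requests as $label => [$method, $cookie, $post, $query]) {
    $status = csrfTokenIsValid($method, $cookie, $post) ? 200 : 400;
    printf("%-36s -> HTTP %d\n", $label, $status);
}
```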